package cn.tedu._07security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/")
public class ResourceController {
    @GetMapping("public/hello")
    public String helloPublic(){
        return "hello public";
    }

    //资源方法标注，只有拥有sys:private:view权限的用户才可以访问该资源
    //每个用户的权限在哪里?-------在数据库的数据表中
    @PreAuthorize("hasAnyAuthority('sys:private:view')")
    @GetMapping("private/hello")
    public String helloPrivate(){
        return "hello private";
    }
}
